Why Does A/D Account Need SQL Server Login?

active-directory sql-server windows-authentication
5,318

Solution 1

No, mixed mode does not require both, obviously - it requires either one.

Your mistake is in thinking that AD credentials automatically allow SQL server access; they don't, you still have to GRANT this access. Otherwise, how would Sql Server know how much access they have?

Create a new Login for DOMAIN\cnorton and map the user to some databases.

CREATE LOGIN 'DOMAIN\cnorton' FROM WINDOWS
GO
GRANT ALL PRIVILEGES ON YourDatabase To 'DOMAIN\cnorton'
GO

Alternatively, you can add this user to a fixed database role:

USE YourDatabase
GO
ALTER ROLE db_owner ADD MEMBER 'DOMAIN\cnorton'

Solution 2

SQL Server is an application. Windows Authentication and SQL authentication are two different methods for authenticating to SQL Server as an application. Both types require a user principal to be defined/created with some level of access. That's what a login is. You can create a login of either type but you must create the login and grant it some level of access.

Solution 3

You still need to create a login in SQL server for the AD user 'cnorton', but you do not need to create a password for him.

In SSMS, select the server instance you need, and then under logins, right click and hit "New login..."

In the dialog you can press the search button, and search your AD instance for names:search dialog

You can see in this case I've selected a test user from my AD instance. This user will be able to login to SSMS or make connections based on the SQL Server permissions you grant to that login just by being logged into Windows with that user.

Share:
5,318

Related videos on Youtube

octopusgrabbus
Author by

octopusgrabbus

Updated on September 18, 2022

Comments

  • octopusgrabbus
    octopusgrabbus over 1 year

    I need some help on understanding the differences between Windows and SQL Server Authentication:

    We have a SQL Server 2008 set to SQL Server and Windows Authentication Mode.

    There is one A/D user -- munis -- that can log into our SQL Server. That user also has a login in SQL Server with Public and Sysadmin roles.

    There is another user -- cnorton -- who cannot log into the SQL Server and has no local login in the SQL Server.

    I thought that Windows authentication allowed A/D (domain) users to log into a SQL Server. User cnorton has more A/D privileges than does user munis, like Domain Admin and Sysadmin.

    So my question is does Windows and SQL Server Authentication mode require a local SQL Server login, and why?

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How do I configure a SQL Server datasource in JBoss to connect using a specific Active Directory user?
401 - Unauthorized in IE7 only with windows authentication.
Available fields for ADSI Linked in SQL Server
Additional User Account, Windows Authentication in SQL Server Management Studio
Running a Windows service under a domain account from a non-member server
Unable to login to SQL Server Management Studio using domain account
Windows authentication failure between multiple domains (sites)
Clear SPN changes from server cache
"Unknown user name or bad password" when I launch ADUC
What permissions are required for SQL Server to run as a (active directory) domain user